Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 11 Aug 2006 20:29:17 -0700
From:      "Nikolas Britton" <nikolas.britton@gmail.com>
To:        "Matthew Seaman" <m.seaman@infracaninophile.co.uk>
Cc:        Paul Schmehl <pauls@utdallas.edu>, "Marc G. Fournier" <scrappy@freebsd.org>, freebsd-questions@freebsd.org
Subject:   Re: BSDstats Project v2.0 ...
Message-ID:  <ef10de9a0608112029s46dd1f78h56f45548e79061d0@mail.gmail.com>
In-Reply-To: <44DC8868.4050009@infracaninophile.co.uk>
References:  <20060807003815.C7522@ganymede.hub.org> <20060809072313.GA19441@sysadm.stc> <20060809055245.J7522@ganymede.hub.org> <44D9F9C4.4050406@utdallas.edu> <20060809130354.U7522@ganymede.hub.org> <ef10de9a0608091700x6cc268ear6566c26f93f1fdf0@mail.gmail.com> <ef10de9a0608100327r5b402d64xc4eef38a4f61ba4e@mail.gmail.com> <ef10de9a0608110342q62f81fc8p5fb4b4df37595593@mail.gmail.com> <20060811100914.U7522@ganymede.hub.org> <44DC8868.4050009@infracaninophile.co.uk>

next in thread | previous in thread | raw e-mail | index | archive | help
On 8/11/06, Matthew Seaman <m.seaman@infracaninophile.co.uk> wrote:
> Marc G. Fournier wrote:
> > On Fri, 11 Aug 2006, Nikolas Britton wrote:
> >
> >> Ok... With my new script it took only 158 minutes to compute ALL
> >> TCP/IP address hashes. I'll repeat that... I have an md5 hash for
> >> every IP address in the world! All I need to do is grep your hash and
> >> it will tell me your IP address. yippee! :-)
> >
> > Can someone please explain to me what exactly you are trying to secure
> > against in this case?
>
> He's trying to prevent any possibility of information disclosure about
> his servers.  If I wanted to hack into his site, knowing what hosts he
> had running (ie. a bunch of live IP numbers) and what OS etc. each used
> would mean I'm already halfway to my goal.  Now, while the design of
> bsdstats does not disclose that sort of stuff readily, any security
> conscious admin is going to worry about that data being collected and
> held outside of his administrative control.  Having a completely
> anonymous and untraceable token to identify each of the hosts sending
> in information should make connecting the information back to the
> original sender practically impossible.
>

YES! what he said... I don't want ANYTHING to trace back to me or my systems.

> Although, playing devil's advocate here, anyone that could steal the
> Apache log files from the bsdstats server would be able to work out
> that sort of data fairly readily.  I guess the truly paranoid should
> only submit their data via some sort of anonymizing proxy.
>

That's simple, don't keep the log files...

* Can we trust Marc to delete them?
* I thought this was going to be an official FreeBSD project hosted on
 freebsd.org?
* Maybe we should get the OpenBSD people involved?

Just thinking out loud :-/


-- 
BSD Podcasts @:
http://bsdtalk.blogspot.com/
http://freebsdforall.blogspot.com/



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ef10de9a0608112029s46dd1f78h56f45548e79061d0>